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Abstract: Due to the rapid growth of the internet and e-com- 
merce, more and more digital products and multimedia con- 
tents are sold and transmitted over the internet. However, it 
also poses threats to copyright protection and to customers' 
privacy.Digital watermarks are used for protecting the digital 
contents from unauthorized duplication and distribution over 
internet. This can be achieved by inserting a unique digital 
watermark into each copy of the content before it is sold by 
the content owner (seller) to a buyer. This paper proposes a 
new enhanced privacy preserving Buyer-Seller watermarking 
protocol for anonymous transaction. Apart from solving the 
generic problems, this novel method is also finding solutions 
to Anonymity, Unlinkability and Loyalty marketing problem. 

I. Introduction 

The wide use of the internet and the rapid development 
of information and communication technology have 
facilitated the proliferation of online purchases of digital and 
multimedia contents. In turn all types of multimedia contents 
can be easily stored, traded, distributed and replicated in 
digital form without a loss of quality. In this context digital 
copyright protection of multimedia information is a main 
cause that needs to be addressed. On the other hand, how to 
protect the rights and provide security for both the sellers 
and the buyer is another challenge. 

The encryption and digital watermarking are recognized 
as promising technique for network security and copyright 
protection. The encryption is to prevent unauthorized access 
to a digital content. But the limitation is that once the content 
is decryption, it doesn't prevent illegal replication by an 
authorized user. Digital watermarking [1,6] complimented with 
encryption technique is to provide copyright ownership by 
embedding the seller's and buyer's identity in the distributed 
content. This is to trace and identify the copyright violation. 

A buyer-seller watermarking protocol is one that combines 
encryption, digital watermarking,and other techniques to 
ensure protection of rights and privileges of both the buyer 
and the seller in ecommerce. An efficient buyer-seller 
watermarking protocol is expected to solvethe following 
existing issues, apart from any another suggested new 
problems. 

1. The piracy tracing problem: once a pirated copy is found, 
the seller or arbitrator should be able totrace and identify the 
copyright violator. 

2. The customer 's rights problem: since the selleris entitled 
to the responsibility of generating and inserting digital 
watermarks, they are granted access to each copy of 
thewatermark or watermarked digital content. A malicious 
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seller may replicate the digital content illegally to from the 
innocent buyer for any piracy. 

3. Unbinding problem: it is possible for the seller to 
intentionally transplant the watermark embedded in the pirated 
copy into another copy of the higher priced digital content, 
provided both copies are sold to the same customer, to 
produce made-up piracy so that the seller can get 
compensated more. 

4. The anonymity problem: the identity of a buyer and the 
purchase history should remain unexposed 
duringtransactions unless he is proven to be guilty. 

5. Conspiracy problem: a malicious seller may collude with 
an untrustworthy third party to fabricate piracy to frame an 
innocent buyer; on the other hand, a malicious buyer may 
collude with an untrustworthy third party can found the 
tracing of piracy by removing the watermark from digital 
content. 

6. Dispute resolution problem: The buyer's participation in 
the dispute resolution is against the general practice of law, 
since it is the seller's responsibility to prove the guilty of the 
buyer not in reverse. 

7. Loyalty marketing problem: The buyer being anonymous, 
the seller cannot give discounts to regular buyers or apply 
other loyalty marketing techniques. 

Accordingly, a buyer-seller watermarking protocol should 
provide the following securityproperties as the strategic 
design principle. 

1. Traceability: a copyright violator should be able to be 
traced and identified. 

2. Non-framing: nobody can accuse an honest buyer. 

3. Non-repudiation: a guilty buyer cannot deny his 
responsibility for a copyrightviolation caused by him. 

4. Dispute resolution: the copyright violator should be 
identified and adjudicatedwithout him revealing his private 
information, e.g. private keys or watermark. 

5. Conspiracy resistance: no colluded parties should be able 
to frame an innocent buyeror to confound the tracing by 
removing the watermark from the digital content. 

6. Anonymity: a buyer's identity is undisclosed until he is 
judged to be guilty. 

7. Unlinkability: nobody can determine whether the different 
watermarked contents arepurchased by the same buyer or 
not. 

II. Related Work 

In the past many buyer-sellers watermarking protocols 
have proposed and the literature is rich in the relevant area. 
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Qiao and Nahrstedt [13]first pointed out the customer's rights 
problem in the watermarkingprotocols for piracy tracing. 
However, their scheme is symmetric and doesn't guarantee 
thebuyer's security. The first known asymmetric buyer-seller 
watermark protocol wasintroduced by Memon and Wong [5] , 
and it was improved by Ju et al. [16]. Since the first introduc 
tion of the concept, several alternative design solutionshave 

Table I Comparison of Protocols 



been proposed. Except that the piracy tracing problem and 
the customer's rights problem aresolved in the early schemes, 
the existing solutions to the other problems are 
eitherimpractical or incomplete, as depicted in Table 1 - a 
Comparison of some the existing buyer-seller watermarking 
protocols with our Protocol. 
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1. The piracy tracing problem. All of these protocols are 
able to resolve the piracy tracingproblem, and provide a 
mechanism for the seller to trace and recover the identity of 
aguilty buyer. 

2. The customer 's rights problem. All these protocols can 
solve the customer's rightsproblem, since the protocols are 
designed asymmetric, i.e., the seller doesn't know theexact 
value of the buyer's watermark, neither does they know the 
final watermarkeddigital content that the buyer gets. 
Therefore, the accused buyer for an illegal replicationor 
distribution cannot claim that the copy is originated from the 
seller. 

3. The unbinding problem. Lei et al. [4] addressed the 
unbinding problem in Memon& Wong, [5], (Ju et al., [16], Goi 
et al.[2] has provided a mechanism to bind a specific 
transaction of a digital content to a specificbuyer, such that 
a malicious seller cannot transplant the watermark embedded 
in adigital content to another higher-priced content. The similar 
design principle is appliedin Shao, [14]. 

4. The conspiracy problem. Choi et al. [17] pointed out the 
conspiracyproblem of Memon& Wong, [5], Juet al., [16] where 
a malicious seller can colludewith an untrustworthy third party 
to fabricate piracy to frame an innocent buyer. Goi etal. [2] 
found the conspiracy problem couldn't be solved through 
commutative cryptosystems of Choi et al., [17], and further 
point out that theschemes of Memon& Wong, [5], Ju et al., 
[16], Choi et al., [17] are vulnerableagainst conspiracy attacks, 
and show that the protocol's security shouldn't rely on 
anythird party. According to our analysis, we conclude that 
the protocolsof Lei etal., [4], Shao, [14], and Ibrahim etal., [3] 
cannot resist the conspiracyattack, where a malicious seller 
can collude with a third party, such that the seller candiscover 
the buyer's watermark. 

5. The anonymity problem. Memon and Wong's protocol [5] 
requires the seller to know the buyer's identity to carry out a 
transaction. Protocols ofJu et al., [16], Choi et al., [17] improve 
Memon& Wong, [5] by applying ananonymous key pair in 
each transaction. However, both protocols require the WCA 
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toknow the buyer's identity, which means that the buyer's 
anonymity is not preservedagainst conspiracy attacks. In 
Goi et al., [2], the buyer is required to request asignature from 
the certification authority (CA) of the public key infrastructure 
(PKI) to generate a watermark. However, Goi et al., [2] cannot 
solve the anonymity problemefficiently, since before each 
transaction, the buyer has to contact the CA for a 
newsignature. Lei et al., [4], Shao, [14] apply 
anonymouscertificates, i.e., digital certificates without real 
identities of applicants. 

Nextsection proposes a new enhanced privacy preserving 
Buyer-Seller watermarking protocol for anonymous 
transaction. Apart from solving the above stated problems, 
this novel method is also finding solutions to Anonymity, 
Unlinkability and Loyalty marketing problem. 

III. Proposed System 

The proposed protocol addresses many issues found in 
its predecessor such as Dispute resolution 
problem,Anonymity, unlinkabilityproblem and it also fix the 
Loyalty marketing problemalong with other problems. The 
proposed model based on any public key cryptosystem has 
four different roles as follows. 

1. S: The seller or the sales point, from where the buyer 
purchases the digital content. The seller may be the 
original owner of the digital content, or an authorized 
reselling agent or dealer. 

2. B: The buyer, who wants to purchase a digital content 
from the seller S. 

3. CA: The Certification Authority is responsible for issuing 
Public-Secret key pair (Ps, Ss), Temporary Public-Private 
key pair (TPs, TSs), Buyer and Seller recognition number 
(BR^ and SRJ and watermark for individual digital content 
(W sP[D ), and functions to generate Authentication Key 
and embedding watermark.They may appoint trusted 
Regional Watermark Certification Authorities (RWCA) 
to share and reduce its workload. 
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4. ARB: An arbiter, who adjudicates lawsuits against the 
infringement of copyright and intellectual property. 
This section restricts itself to further discussion on 
security or implementation issues related to the public key 
cryptosystem by assuming that a public key infrastructure 
has been well deployed so that each party has its own public- 
private key pair as well as a digital signature certificate issued 
by CA. Also assume that every member in transaction has 
the access to the watermarking extraction and detection 
algorithm software in the CA website, which is required to 
verify the originality of the product purchased. Before 
elaborating further on the proposed protocol, the notations 
used in this model are defined below. 

X The Digital Content embedded with 

watermark 

X Original copy of the Digital Content without 

any watermark 
W Generated Watermark, which is to be 

embedded into the digital content 
PID Unique number given by the C A to identify a 

digital content, which will be published for 

anyone who is likely to take part in the 

transaction 

BRk Buyer Recognition key issued by the CA 

SRk Seller Recognition key issued by the CA 

© Watermark information binary Insertion 

operators into the original copy of digital 

content. 

(P B , S B ) A public-secret key pair, where P B is buyer's 
(or B's) public key and S B is B's secret key. 
A Temporary public-secret key pair, where 
TP B is buyer's (or B's) public key and TS B is 
B's secret key. 

The message M is encrypted using B's 
public key(using the private key algorithm) 
The message M is encrypted using B's 
private key(using the private key algorithm) 
The cipher text C is decrypted using S's public 
key(using the private key algorithm) 
The cipher text C is decrypted using S's 
private key(using the private key algorithm) 
The message M is encrypted using the 
private key K (using the private key 
algorithm) 

The message M is decrypted using the 
private key K (using the private key 
algorithm) 
By X©W means, 

x.ffiw,, x,,ffiw,, xffiw,x ,©W , X ©w } 

1 1' 2 2 n lr n+1 n+1 m m J 

A privacy homomorphism with respect to the binary 
operator © is applied to insert a watermark W to any original 
copy of the digital content X. For every a and b in the message 
block, © has the property that 

E pK (a©b) = E pK (a)©E pK (b) 

where PK is the public encryption key. The buyer-seller 
watermarking protocol in this section has three sub-protocols: 
Registration Protocols, Watermarking Protocol and 
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Arbitration Protocol. 

A. Registration Protocols 

Figure 1 show the registration protocol where the buyer 
is able to generate Temporary Public-Secret key pairs, and 
Buyer Recognition key, BRk, for the anonymous transaction. 
The Temporary keys and BRk can be used for as many as 
transaction without generating the further, till the buyer 
observes for a change. On the other hand seller is able to 
generate required Public-Secret key pairs and Seller 
Recognition key, SRk. This SRk can be used as a unique 
Seller Recognition code for any number of products (PIDs) 
to be sold over internet. 




Figure 1 Registration protocol 
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Figure 2 Transactions in the Registration protocol 

Figure 2 visualizes the details of possible transactions in 
the proposed registration protocol. Step-by-step procedures 
of the transactions are given below: 

1. S sends a request to CA for successfully registering 
with him to recognize him as the genuine seller. 

2. CA responding to request by generating the Seller 
Recognition key, SRk. 

3. S will have to register with CA for selling a product 
PID,EPca(PID,SRk). 

4. CA will generate the watermark Ws and homomorphic 
function to embed the watermark with the digital 
content, X and a Key function to check the 
authenticity of the watermarked content. 

5. B sends a request to CA to generate temporary Public- 
Secret key pairs to maintain the anonymity in the 
transaction. 

6. CA responds by delivering the temporary key.(TPb, 

TSb) 

7. Further to maintain increased anonymity in the 
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e-commerce, Buyer Recognition key, BRk, is 
requested. 
8. CAissuesBRktoB. 

B. Watermarking Protocol 

Figure 3 shows the transactions involved in the 
watermarking embedding protocol; where purchase order is 
palced once B is decided to purchase a product, PID, from S. 
To maintain anonymity, Buyer Recognition Key, BRk, and 
the product to be purchased, PID, along with the earlier 
received promotional coupen, PC, is forwaded. 
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Figure 3 watermarking embedding protocol 



If the any discount is applicable to PC forwarded, it is 
processed before the final invoice and payment confirmation 
is made. Watermark key, X 1 , is generated using the function / 
from PID, SRk, BRk, and Ps. The authentication key, K x , is 
generated using the key function^ with the help of PID, 
SRk, BRk, Ss. Now the watermark issued by the CA for the 
particular product, PID, for aseller, S, is embedded with the 
Watermark key, X 1 . 

Watermarked digital content, X, along with the 
authentication key, K x , and new promotional code is send to 
the S. The buyer, B, can check the authenticity (in the CA/ 
RCA website by giving the PID and SRk) of the product 
purchased by checking the SRk which is extracted from the 
watermarked image X, using the homomorphic function G with 
the generated number from the function /(PID, K x , BRk, Ps). 

C. Arbitration Protocol 

The identification and arbitration protocol is executed 
among the seller S, an Arbitrator ARB, and the CA, 

In case S finds a pirated copy Y of X, she extracts the 
watermark W sPID from Y,and searches sales record by 
correlating W s p[D and X' with the BRkof person (in the DB) 
who is possessing the digital content. If the required entry 
not found on the S's DB, it is further forward to the ARB for 
further inquiry and judgment. 

The ARB, with the help of CA and X' , easily extracts the 
required information as the digital product, PID, is sold by 
whom to whom. 

IV. Conclusion 

In this paper, we presenteddifferent attacks on buyer- 
seller watermarking to prove that neither ofthese existing pro- 
tocols is able to provide security for the buyer or the seller as 
claimed. We also address the anonymity, unlinkabilityand 
Loyalty problem inthese protocols. We propose an improved 



protocol, which is secure and fair for both theseller and the 
buyer. Our protocol employs privacy homomorphic 
cryptosystems and groupsignature schemes, in order to pro- 
tect the secrecy of the buyer and the seller, and to 
preserverevocable anonymity of the buyer. Comparing with 
early work, our anonymous buyer-sellerwatermarking 
protocolis able toaddress all the required existing issues apart 
fromanonymity, unlinkability and Loyalty problem. 
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